ACI Performance Troubleshooting and Optimization: Lesson 2: vzAny & Resolution and Deployment options demo






    In the second ACI training video lesson, Yuliya Suprunouskaya demonstrates vzAny and the Resolution and Deployment options. The following additional informational resources are provided in this lesson.



    • vzAny represents the collection of EPGs that belong to the same VRF
    • Instead of configuring a contract on each EPG, you can configure one contract on vzAny


    vzAny restriction for contracts across VRFs

    • With Cross-VRF contracts
    • vzAny can be a consumer, not a provider


    Policy CAM Utilization vzAny - Improving Efficiency

    • EPGs are not transitive, which means that allowing anyone (any EPG) to talk to a specific EPG does not mean the other EPGs can talk to each other
    • Services are often shared across all EPGs and can be defined as 'vzAny', or 'any EPG is allowed to consume'


    Hardware Table Increase with HW and SW

    Be careful with range operations on first generation hardware. Range operations use one entry only in TCAM with -EX leafs and newer. The -EX hardware has additional optimizations; for instance, the L4L7 ports don't require ACL expansion.

    • HW Capacity
      • First Generation: 4k
      • 9372, 9332: 64k
      • 9300-EX: ~140k
    • Software Enabled as of 2.2
      • First Generation: 4k
      • 9372, 9332: 40k
      • 9300-EX: ~60k


    Policy CAM Utilization On-Demand – Improving Efficiency

    • Policy Entries 'optionally' programmed at ingress 'if' there is return traffic
    • No Policy for this specific contract has to be programmed anywhere else
    • Policy Entries are programmed at the provider (egress)
    • The policy CAM can be programmed either statically or dynamically
    • Dynamic (On Demand) configuration is applied when an endpoint attaches that requires that policy be programmed and removed when the last endpoint detaches
    • Best Practices Design Guide


    ACI Optimizes the Instantiation of VRF, BD, SVIs, and Contracts

    • In ACI the configuration of the leafs for VRF, Bridge Domains, SVIs, and Contracts is optimized
    • The Logical Topology is not automatically installed on all leafs
    • Only on the leafs where there are workloads that are associated with it
    • This is controlled by the Resolution and Deployment Immediacy


    Resolution and Deployment Immediacy

    • The VMM domain is mapped via the AEP to the ports on Leaf1 and Leaf2
    • EPG domain has Resolution and Deployment Immediacy as options


    This is how this works for Resolution: Immediate

    • Leaf sends LLDP or CDP to ESX (includes Leaf port name)
    • ESX sends parsed LLDP information to vCenter
    • APIC receives LLDP information from vCenter
    • APIC downloads VRF, BD, SVI, EPG for VMs behind ESX to the Leaf node


    Use pre-provision only for EPGs for Management/Infrastructure Traffic

    • EPG Vmkernel, Resolution Pre-provision VLAN 10
    • VRF, BD, SVI, Instantiation
    • Create port-group on vDS Assign it VLAN 10


    What if all APICs are down?

    • Traffic Forwarding Continues for new and existing sessions:
      • Link failures can occur
      • New Endpoint Attach


    Contracts Optimizations

    • When using contracts, be aware of the "scope" of each contract
    • When possible, use the on-demand resolution and deployment immediacy for the EPGs
    • You can use vzAny to create contract rules that are valid across all EPGs in a VRF:
      • Note 1: vzAny also includes the L3out
      • Note 2: vzAny can only be a consumer of a shared service contract
    • You can use the established flag to reduce the number of contracts that you have to configure
    • To optimize the EPG-to-L3out contract utilization, you should use the option called ingress filtering at the VRF level.
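
The checks implied by the vzAny restriction and the immediacy guidance above can be run over an exported tenant configuration. The following is an added example, not part of the lesson material: the tenant tree, its names, and the `MGMT_EPGS` allowlist are constructed, and treating any contract scope wider than `context` as possibly cross-VRF is a labelled heuristic. The class and attribute names (`vzAny`, `vzRsAnyToProv`, `vzBrCP`, `fvRsDomAtt`, `resImedcy`) are those of the APIC object model, where `lazy` is the API value for On Demand.

```python
# Constructed sample in APIC JSON-export shape; every name below is made up.
TENANT = {"fvTenant": {"attributes": {"name": "demo"}, "children": [
    {"vzBrCP": {"attributes": {"name": "shared-dns", "scope": "global"}}},
    {"vzBrCP": {"attributes": {"name": "intra-vrf", "scope": "context"}}},
    {"fvCtx": {"attributes": {"name": "vrf1"}, "children": [
        {"vzAny": {"attributes": {}, "children": [
            {"vzRsAnyToCons": {"attributes": {"tnVzBrCPName": "shared-dns"}}},
            {"vzRsAnyToProv": {"attributes": {"tnVzBrCPName": "intra-vrf"}}},
            {"vzRsAnyToProv": {"attributes": {"tnVzBrCPName": "shared-dns"}}}]}}]}},
    {"fvAp": {"attributes": {"name": "app"}, "children": [
        {"fvAEPg": {"attributes": {"name": "vmkernel"}, "children": [
            {"fvRsDomAtt": {"attributes": {"resImedcy": "pre-provision", "instrImedcy": "immediate"}}}]}},
        {"fvAEPg": {"attributes": {"name": "web"}, "children": [
            {"fvRsDomAtt": {"attributes": {"resImedcy": "pre-provision", "instrImedcy": "immediate"}}}]}},
        {"fvAEPg": {"attributes": {"name": "db"}, "children": [
            {"fvRsDomAtt": {"attributes": {"resImedcy": "lazy", "instrImedcy": "lazy"}}}]}}]}}]}}

MGMT_EPGS = {"vmkernel"}  # assumption: EPGs treated as management/infrastructure

def walk(node):
    """Yield (class_name, attributes, children) for every object in the tree."""
    for cls, body in node.items():
        kids = body.get("children", [])
        yield cls, body.get("attributes", {}), kids
        for kid in kids:
            yield from walk(kid)

def audit(tenant, mgmt_epgs=MGMT_EPGS):
    """Return (finding, object_name) pairs in tree order."""
    objs = list(walk(tenant))
    scope = {a["name"]: a.get("scope", "context") for c, a, _ in objs if c == "vzBrCP"}
    findings = []
    for cls, attrs, kids in objs:
        # Heuristic: a scope wider than the VRF means the contract may cross VRFs,
        # where vzAny can be a consumer but not a provider.
        if cls == "vzRsAnyToProv" and scope.get(attrs["tnVzBrCPName"], "context") != "context":
            findings.append(("vzany-provider", attrs["tnVzBrCPName"]))
        if cls == "fvAEPg" and attrs["name"] not in mgmt_epgs:
            for kid in kids:
                dom = kid.get("fvRsDomAtt", {}).get("attributes")
                if dom is None:
                    continue
                if dom["resImedcy"] == "pre-provision":
                    findings.append(("pre-provision", attrs["name"]))
                elif dom["resImedcy"] != "lazy":
                    findings.append(("not-on-demand", attrs["name"]))
    return findings

if __name__ == "__main__":
    for kind, name in audit(TENANT):
        print(kind, name)
```
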

